Change nRFutil settings to generate upload package for nRF52832 Adafruit framework


I have been working platformIO for a while, and recently have been looking into enabling some advanced features in my product. The feature that I am currently focused on is getting the firmware build by the nRFutil tools to be cryptographically signed.
This following command is what I want to implement in my platformIO environment
nrfutil pkg generate --application <path_to_hex_file> --application-version 0 --hw-version 52 --sd-req 0x98 --key-file private-key.pem
Does PlatformIO use the above command during upload process? If so, does adding the flags such as --key-file to upload_file be sufficient?

Any assistance is appreciated, Thanks!

The upload process is a multi-step process.

The package zip file is generated with this command recipe

And since the a adafruit_feather_nrf52832 board the default upload protocol is

PlatformIO will

Meaning the firmware is first compiled to .elf as normal, then converted to .hex, and then given as input to the PackageDfu builder command as displayed above to give the package.

That .zip package is then uploaded via this command

As you can see above, PlatformIO does not use a --key-file private-key.pem command during the package generation, and using upload_flags would only add flags to the UPLOADCMD (via $UPLOADERFLAGS) which is after the ZIP file has already been generated.

PlatformIO’s builder script above does currently not give the user the opportunity to add custom flags in the package generation process, such as a signing key.

I would suggest:

  1. Locally change <user home directory>/.platformio/platforms/nordicnrf52/builder/ lines 130-147 by adding your own "--key-file", "private-key.pem", arguments into the array at the correct place. Verify that the argument is included correctly by using the project task Advanced → Verbose Upload, which shows in the end all invoked commands before and during upload.
  2. Open an issue at Issues · platformio/platform-nordicnrf52 · GitHub so that the builder script might make use of a private key file if instructed to do so via the platformio.ini.